package com.demo.webapp.service.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import com.demo.core.model.Member;
import com.demo.core.model.MemberRole;
import com.demo.core.model.Role;
import com.demo.core.model.Site;
import com.demo.core.service.base.MemberRoleService;
import com.demo.core.service.base.MemberService;
import com.demo.core.service.base.RoleService;
import com.demo.security.access.model.SecurityRole;
import com.demo.security.access.model.SecurityUser;
import com.demo.security.impl.UserDetailsServiceSupport;
import com.demo.security.impl.UserDetailsWrapper;
import com.demo.security.web.exception.SiteAccessException;
import com.demo.webapp.context.MultisiteContextHolder;

/**
 * CMS站点用户信息服务实现类
 * 对登录用户取得用户的详细角色信息
 * 
 * @author ryuu.kk
 *
 */
public class UserDetailsServiceImpl extends UserDetailsServiceSupport {
	
	/**
	 * 角色服务
	 */
	private RoleService roleService;
	
	/**
	 * 会员角色服务
	 */
	private MemberService memberService;
	
	/**
	 * 会员角色服务
	 */
	private MemberRoleService memberRoleService;

	/**
	 * 增加创建UserDetails方法
	 * <br/>创建新的登录用户信息模型
	 * @return UserDetails
	 */
	protected UserDetails createUserDetails(SecurityUser user, Collection<GrantedAuthority> grantedAuths) {

		Site site = MultisiteContextHolder.getContext().getMultisite();
		Member member = memberService.find(user.getId(), site.getId());
		if (member == null) {
			// 不是该站点会员
			throw new AccessDeniedException("user:[" + user.getUserName() + "] is not MEMBER in Site:[" + site.getName() + "]!!!");
		}
		return new UserDetailsWrapper<SecurityUser, Object>(user, member, grantedAuths);
	}
	
	@Override
	public Collection<SecurityRole> getRoles(SecurityUser user) {
		//取得当前访问的站点
		List<SecurityRole> roleList = new ArrayList<SecurityRole>();
		
		Site site = MultisiteContextHolder.getContext().getMultisite();
		if (site == null) {
			if (LOG.isInfoEnabled()) {
				LOG.info("Site is null, place check current url.");
			}
			throw new SiteAccessException("Site is null, place check current url.");
		}
		
		roleList.addAll(memberRoleService.queryRole(site.getId(), user.getId()));
		/* ***********************************************************************
		 * 删除用户不存在站点或用户是站点会员,但未分配角色的逻辑判断
		 * 如果非站点会员,则createUserDetails创建时进行判断
		Member member = memberService.find(user.getId(), site.getId());
		if (member != null) {
			List<MemberRole> memberRoleList = memberRoleService.findRole(member.getId());
			if (memberRoleList != null) {
				for (MemberRole rm : memberRoleList) {
					if (rm.isEnabled()) {
						Role role = roleService.find(rm.getRoleId());
						roleList.add(role);
					}
				}
			} else {
				throw new AccessDeniedException("user:[" + user.getUserName() + "] is not exist ROLE in Site:[" + site.getName() + "]!!!");
			}

		} else {
			// 用户验证正确,但不是该站点会员
			// nothing...
			throw new AccessDeniedException("user:[" + user.getUserName() + "] is not MEMBER in Site:[" + site.getName() + "]!!!");
		}
		************************************************************************** */
		return roleList;
	}
	
	@Override
	protected void initInvocation() {
		//nothing
	}
	
	public void setMemberRoleService(MemberRoleService memberRoleService) {
		this.memberRoleService = memberRoleService;
	}

	public void setRoleService(RoleService roleService) {
		this.roleService = roleService;
	}

	public void setMemberService(MemberService memberService) {
		this.memberService = memberService;
	}
}